We talked with Leila about:
- Creating My RIA Lawyer and what makes it different
- Compliance concerns in 2024
- Ways to stay educated and aware, even with an outsourced compliance solution on your side
About Leila Shaver:
Leila Shaver knows compliance for a firm is not a simple task and requires specialized knowledge. That’s why she founded My RIA Lawyer, an outsourced agency focused on navigating the legal complexities of the RIA space. A self-labeled “compliance nerd,” Leila uses her background to serve a range of clients, from start-ups to established firms with billions in assets under management.
Full Audio Transcript
Leila, thank you for joining us today.
I'm excited to be here. Thank you for having me.
Yeah, I've seen you all over LinkedIn. You've got so many great things going on. We both are in this world of financial services, wealth management, and you have built, like you were saying earlier, kind of a boutique firm but not a small firm either, right? You've got a team, and I'm excited to hear more about the journey to how you got to where you are today with your business, a little bit more about your service offerings, and really get into the heart of compliance and where it's going, especially in the new year. So I don't want to steal your thunder. Why don't you share a little bit more about your background and the kind of things you guys do and a little bit more about your team?
Sure. I'm always happy to talk about myself, the firm, and the team. So my journey has kind of been one I think a lot of people in our industry can relate to. When I went into law school, I had no idea securities law was a thing. I hadn't considered financial services. It wasn't really something I was really exposed to going to school. So I got introduced to it because my mock trial coach in law school was in-house for a broker-dealer headquartered in Atlanta, and they needed some additional support and I needed a job. So there, yep. That's how I got in. And essentially what happened was they promoted me after law school and I became one of three in-house counsel. The great thing about this position was this firm was always having issues with regulators, which meant as one of three attorneys—and this was a firm that had over 500 registered reps nationally—I got to do a lot of work.
I managed a lot of arbitrations, regulatory matters, but it was also my first introduction to what happens when compliance and supervision aren't doing what they're supposed to be doing. And from there, I worked at different fund companies. I was an associate at a law firm that specialized in hedge funds, and eventually I started My RIA Lawyer back in 2017, with the goal to really deliver services ultimately the way I wanted to deliver them. So much of what you get from service providers now is very consultative, telling you what to do. They're not kind of pulling up their sleeves and getting in the muck with you and taking the work off your plate. So where we have really kind of differentiated ourselves beyond using the hashtag not your daddy's law firm and calling ourselves a bunch of compliance nerds is that we’re really focused on taking the work over from you.
You're not going to get a call from us and we're just going to tell you what to do. Our job is to take it over. So we currently offer two levels of compliance services. There is our outsource compliance department service or OCD for short and OCD-plus, which is the outsource compliance department plus a CCO. And the service is really meant to simulate an in-house compliance department. So you don't get one consultant—you get a team of at least three to five people working in managing your compliance. So from that perspective, for some of our clients we are the only compliance people they have for their firm.
Got it. Got it. So you literally plug into their department structure as a piece of part of their department, if you will.
Right, and everyone in their firm has access to us. So advisors have questions, the executive team has questions, your administrative assistant has questions—they all can access us directly. And then we also offer legal services. So we have an ongoing general counsel service where we'll do corporate governance, E&O insurance updates, fidelity bond updates and renewal arbitration, litigation, regulatory defense enforcement defense, and then all the fun kind of transactional—I'm buying a book of business, I need some legal documents, I need a new employment contract, succession planning documents, buy-sell agreements, all the kind of fun transactional legal stuff. So we do all that as a general counsel for a firm as well. So again, really instead of providing advice, doing the work for our clients.
Got it. Do you mind sharing a little bit more about what we talked a little bit earlier, this idea of the kind of university platform you have as well. I'd love to hear about that offering.
Yes. So we also offer something called RIA Compliance University, and it is a subscription-based service. So our smaller firms that maybe aren't at the size yet where they can really benefit from our OCD and OCD-plus service, they will go to RIA Compliance University. It's a 12-week bootcamp. So over the course of 12 weeks, we lay down the foundation of what is compliance, what are the regulations that govern you, what are the different pieces you have to know as an owner of an RIA? And then every month we deliver teachings that are an inch wide and a mile deep, and with those teachings come additional resources like form templates, additional documents you can utilize. If we're talking about compliance testing, maybe it's the form to document, say your best execution review, for example. So really what it's meant to do is lay the foundation of education and knowledge for the advisor, and then provide ongoing training and education for that advisor who may be the CCO in their firm for their compliance staff. And by tackling one topic each month, it gives the compliance person or advisor an opportunity to take one piece of their compliance program and really lock it in and then move on to the next piece every month.
So smart. We see that a lot too, where you've got usually it's a dual role, right? It's like an advisor and they're also wearing the compliance hat, or it's the COO or something of that sort. And it's a lot to keep up with.
A ton to keep up with.
So you providing that offering, I'm sure helps folks to sharpen their own toolkit as they're on their growth path.
Well, I mean, let's be real. How many advisors are going to go out there and read the 600-page new rule document? You know what I mean?
You’ll be able to understand it, from all the legal jargon and everything. So it's a lot to unpack. So, okay, thinking about compliance because it is so important and it hits all RIA firms, I’d be curious to hear, since you've got such a pulse on it, what does it look like for the new year? Are there any new pieces that are rolling out that would be helpful to talk about? Are there any trends in how folks are handling their own compliance departments or trainings? I'd love to hear from your perspective what you are seeing.
Sure. So I mean, the big concern from a regulatory perspective is going to be technology, cybersecurity, and ensuring advisors are fulfilling their fiduciary duty, right? So ChatGPT— that came out and everyone went crazy, even in the legal industry. I can't tell you how many attorneys tell me they sent pleadings into the court system with fake cases from ChatGPT. But I think it highlights some of the similar concerns when it comes to cybersecurity and using AI in the financial services arena and making sure you're using an AI that's got a fixed loop of data it's referring to rather than something like ChatGPT that's just pulling data from anywhere and everywhere on the internet. We talk about cybersecurity. So when I first started in this industry, there were no high-definition color copies. We were still doing fax, we still had the company cell phones.
The technology just wasn't where it is. Now, just about all the clients we have are on some sort of cloud-based application when it comes to keeping the records. When you go access your custodian, you can access it from your telephone, your tablet, your computer. Technology has come a really long way. But something that COVID really revealed to us too was that there are so many gaps in our cybersecurity, and traditionally RIAs just haven't made cybersecurity a high priority in their firm. So we see a lot of firms getting hacked, and it can be low tech ways of hacking. How many times do you get an email and it's like, oh, you need to reset your Microsoft password, and you look at where it's from. It's an email address that's like 20 characters long.
So cybersecurity is a big issue. Implementing things like multi-factor authentication, changing passwords every so often, having requirements when it comes to the strength of your passwords, how many characters, if it's a combination of numbers, letters, and special characters, that kind of thing. So cybersecurity is really important. And in our industry where we have so much access to sensitive data, like Social Security numbers, addresses, legal names, physical addresses—that is data hackers want. So financial services is a huge target for these hackers.
And then finally, I mentioned the advisor's fiduciary duty. So the fiduciary duty requires advisors do what's in the best interest of their clients, which is higher than a suitability standard, which just means the product or recommendation has to be suitable, may not necessarily be in their best interest but it's suitable with financial advisors. It has to be in their best interest. And that also means you're putting your client's interest ahead of your own. So when we're looking at fiduciary duty, we're looking at different ways in which advisors are compensated. We're looking at disclosure of conflicts of interest. We're looking at whether they're doing things like vendor due diligence and providing oversight over third-party asset managers they're utilizing. So these are kind of all areas of concern we're tracking that are top priorities for regulators going into 2024.
It's a lot, when you say compliance, you may just think of being prepared for the SEC coming in and doing a filing, and there's so much more to it that's involved. If a firm is entertaining having that sort of outsourced department, what are the key things to be able to get ready for a team like yours to be able to come in? Or even just tips folks should be thinking about to be ready as they're growing their compliance teams so they are kind of thinking broadly and not narrow with compliance as a topic at large?
So I think something advisors have to put aside is this thought of compliance as overhead. When we go and work with clients of different sizes—this is an issue for both the small RIA, maybe a hundred million in assets and couple advisors, and the $10 billion AUM firm and up—is that compliance has traditionally been understaffed, and it's because it's considered a cost center. It's overhead, right? But when you look at all the SEC's releases year over year in terms of the amount of fines they've levied, the amount of disgorgement, the number of suspensions, almost every year for the last five years it's been a record. So when we're thinking about what is the cost of not having good compliance or adequate compliance these days, it's significantly high. And so you can't look at compliance as a cost center anymore. If anything, it's a cost savings center because it's keeping you from having to pay these fines to the regulators.
So I think that's kind of the first mindset adjustment, different way. And then second, there's firms out there that still use spreadsheets. It drives me nuts. There is so much technology out there now where we can set up your compliance calendar, outline all the tasks that are required, all the forms that need to be completed to document your compliance testing, and then automate it to just remind you. However, and there are still a lot of firms, large firms too, they're still using spreadsheets. They're not using compliance-specific technology but they're trying to mesh together their CRM and their document retention location to try to create some sort of system for tracking compliance, and it doesn't work. When we see firms like that, we systematically identify deficiencies and sometimes very serious deficiencies when they manage compliance that way. It also makes it very easy for people to hide wrongdoing if you're only tracking things via a spreadsheet. With technology, we can pull reporting, we can view trends, we can see what the problem branch office is or the problem advisor is, and be able to address that because the technology creates that data for us.
Yep. I'm sure that's part of your process, just auditing all the tools that are in existence or not in existence to be able to put those checks and balances in place.
It is, and I think some of it too is technology is also overhead. It's a cost. So there's sometimes where firms want to get the lowest cost option, that's not always the best way either. So an example, we have clients who want to use Microsoft as their email retention. Well, Microsoft's really not built to be able to have the search capabilities of say, a Global Relay or Smarsh. So while it might meet the standard of the regulators from an archiving tool perspective, it's incredibly difficult from a testing perspective to use that technology. So there are things like that we look at to streamline compliance, improve upon what's already there, implement solutions that are going to be more robust and make compliance more efficient in what it does as well.
Yeah, we hear it on the marketing side. I mean, you said Smarsh. I'm like, yep, we know about Smarsh track, social media sites, all kinds of things. So I mean, yeah, I hear what you're saying. Absolutely. We're right about at the top of our time. But any other kind of closing thoughts or resources or things you think would be helpful to share too?
So I think it's really important that advisors know, especially where you're the CCO of your firm, is that the regulators nowadays are not taking the excuse, I didn't know. I didn't know I was supposed to do that. I didn't know this was required. With so much regulation coming out, just look at the last 12 months and how many regulations are queued out to come in the years coming forward, it's incredibly important that advisors, if they can't do it themselves, they're getting an outsourced solution or they're hiring in-house someone who knows compliance. You cannot make your admin, your CCO; you can't make another advisor who has no compliance background your CCO—you really have to get someone who has the knowledge, skill, and experience to fill that role and run that program and not having the right person and not having an adequate program is no defense when it comes to the regulators.
So it's incredibly important to, especially if you outsource, to pick the right vendor. We've had to do a lot of cleanup after some vendors that don't do adequate work. And the firm thought, well, I had this outsourced provider and I thought they were handling it. You cannot abdicate, right? If you are going to outsource, you still have to monitor. You still have to create some accountability with your outsourced provider as well. So I mean, that's my big advice. In terms of resources, we actually do a weekly newsletter and we call it our three, two, one. It's three regulatory updates, two things we recommend advisors do, and then one action item for the week. So that's a great resource if anyone wants to subscribe. But otherwise, the SEC and FINRA websites, for press releases going to NASAA and they have a lot of great information for advisors as well. But the important piece is to create some sort of cadence in which you try to keep yourself educated.
Yep. That's so smart. Well, we'll make sure to include those links below as well to your website too for folks to be able to sign up. I appreciate your time and just sharing more about this, not only your business structure and your offerings but a little bit more about what's going on currently with compliance. Then a look ahead for the new year. So thank you again.
Well, thank you for the opportunity. I appreciate it.